Severity
High
Description
Contains a dependency which resolves to a remote git URL. Dependencies fetched from git URLs are not immutable and can be used to inject untrusted code or reduce the likelihood of a reproducible install.
Suggestion
Publish the git dependency to npm or a private package repository and consume it from there.
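One way to find such dependencies before publishing, as an added example that is not part of the original page or of any tool it describes. It checks a parsed `package.json` for git protocol URLs, hosted prefixes such as `github:`, and the bare `owner/repo` shorthand, and checks a parsed `package-lock.json` for transitive entries resolved from git. The function names, package names and URLs are constructed for illustration, and plain `https://` URLs are out of scope.

```javascript
// Added example: find dependencies that resolve to a git URL instead of a registry.
const GIT_PROTOCOL = /^(git\+(https?|ssh|file)|git):\/\//i;
const HOSTED_PREFIX = /^(github|gitlab|bitbucket|gist):/i;
// npm reads a bare "owner/repo" spec as a GitHub shorthand; paths (./, ../, ~/) are excluded.
const GITHUB_SHORTHAND = /^[^@\/\s:.~][^@\/\s:]*\/[^@\/\s:#]+(#.*)?$/;
const FULL_SHA = /^[0-9a-f]{40}$/i;
const SECTIONS = ['dependencies', 'devDependencies', 'optionalDependencies', 'peerDependencies'];

function isGitSpec(spec) {
  return typeof spec === 'string' &&
    (GIT_PROTOCOL.test(spec) || HOSTED_PREFIX.test(spec) || GITHUB_SHORTHAND.test(spec));
}

// Direct dependencies declared in a parsed package.json.
function findGitDependencies(manifest) {
  const findings = [];
  for (const section of SECTIONS) {
    for (const [name, spec] of Object.entries(manifest[section] || {})) {
      if (!isGitSpec(spec)) continue;
      const hash = spec.indexOf('#');
      const ref = hash === -1 ? null : spec.slice(hash + 1);
      // Branch and tag refs can be repointed; a full commit hash cannot.
      findings.push({ section, name, spec, ref, pinnedToCommit: ref !== null && FULL_SHA.test(ref) });
    }
  }
  return findings;
}

// Transitive dependencies: entries of a parsed package-lock.json (lockfileVersion 2 or 3).
function findGitResolved(lock) {
  return Object.entries(lock.packages || {})
    .filter(([, entry]) => typeof entry.resolved === 'string' && GIT_PROTOCOL.test(entry.resolved))
    .map(([path, entry]) => ({ path, resolved: entry.resolved }));
}

// Constructed sample input; package names, hosts and the commit hash are placeholders.
const sampleManifest = {
  dependencies: {
    'left-lib': '^1.4.0',
    'forked-lib': 'git+https://git.example.com/acme/forked-lib.git#main',
    'short-lib': 'acme/short-lib',
    'local-lib': 'file:../local-lib',
  },
  devDependencies: { 'pinned-lib': 'github:acme/pinned-lib#0123456789abcdef0123456789abcdef01234567' },
};
const sampleLock = { packages: {
  'node_modules/left-lib': { resolved: 'https://registry.example.com/left-lib/-/left-lib-1.4.0.tgz' },
  'node_modules/forked-lib': { resolved: 'git+ssh://git@git.example.com/acme/forked-lib.git#0123456789abcdef0123456789abcdef01234567' },
} };
console.log(findGitDependencies(sampleManifest), findGitResolved(sampleLock));
```
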
Packages with this issue
Module to handle web3 RPC connections over WebSockets.
Web3 module to generate Ethereum accounts and sign data and transactions.
Experimental implementation of a new declarative API for gesture handling in react-native
Node addon for string extraction for msgpackr
A few useful functions for signing ethereum data